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DETAILED ACTION 

Response to Amendment 

1 . This Office Action is responsive to the amendment filed January 22, 2008. Claims 1-8, 
10-17, 19-40 are pending. 

Response to Arguments 

2. Applicant's arguments filed January 22, 2008 have been fully considered but they are not 
persuasive. 

3. As per claims 7, 16, and 25, Applicant's asserts that the office action mischaracterizes the 
use of pseudonym and explains that the pseudonym "is not an account number, but rather it can 
be a code or number that can be linked with an account number" and directs the Examiner to 
paragraph [0016] of the specification. 

The Examiner notes, as implied by the phrase "can be", pseudonym defined in 
Applicant's specification is merely an example. Thus, because the specification does not give 
any lexicographic definition of the term, pseudonym is given the broadest reasonable 
interpretation. Further, Applicant has not objectively indicated and redefined claim limitation(s) 
to have meanings other than their ordinary and accustomed meanings, the Examiner concludes 
that Applicants have decided not to be their own lexicographer. To support this position, the 
Examiner relies on the following factual findings. First, the Examiner has carefully reviewed the 
specification and prosecution history and can not locate any lexicographic definition(s). Second, 
the Examiner finds that not only have Applicants not pointed to definitional statements in their 
specification or prosecution history, Applicants have also not pointed to a term or terms in a 
claim with which to draw in those statements with the required clarity, deliberateness, and 
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precision. Accordingly and for due process purposes, the Examiner gives notice that for the 
remainder of the examination process (and unless expressly noted otherwise by the Examiner), 
the heavy presumption in favor of the ordinary and accustomed meaning is not overcome; the 
claims therefore continue to be interpreted with their "broadest reasonable interpretation 
In re Morris, 111 F.3d 1048, 1054, 44 USPQ2d 1023, 1027 (Fed. Cir. 1997). The Examiner 
now relies heavily and extensively on this interpretation. Unless expressly noted otherwise by 
the Examiner, the preceding claim interpretation principles in this paragraph apply to all 
examined claims currently pending. 

Additionally, Otto indicates that the anonymous identifying information can include an 
anonymous name or anonymous address (see paragraph [0028]). The anonymous information, 
which includes an anonymous name, is associated with the user's real identifying information, 
which includes an account number (paragraph [0029]). Since the anonymous information is 
associated with the real identifying information, the data are linked. 

4. Also, Applicant states that "the pseudonym can be used to correlate certain aspects of a 
transaction" and "is not necessary a permanent entity, it may be set to expire after a certain 
period of time". 

In response, the Examiner notes although the claims are interpreted in light of the 
specification, limitations from the specification are not read into the claims. See In re Van 
Geuns, 988 F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993). 

5. Applicant states that 'Allen does not disclose a pseudonym, for the same reasons as 
discussed previously in reference to Otto". However, the Examiner respectfully disagrees and 
directs Applicant to the response above and paragraph [0049] of Allen. 
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Claim Rejections - 35 USC §103 

6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

7. Claims 1, 10, 19, 32, 33 and 38 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over US Publication No. 2005/0021781 to Sunder et al. ("Sunder") in view of US Patent No. 
7069249 to Stolfo et al. ("Stolfo"). 

Referring to claim 1 , Sunder discloses receive an authentication request from a 
cardholder system (i.e. client device)(see paragraphs [0005] & [0007]), forward the 
authentication request to an access control server (see paragraph [0008]), relay authentication 
information between the access control server and the cardholder system receive an 
authentication response from the access control server and forward the authentication response to 
the cardholder system (see paragraphs [[0010] &[001 1]). Sunder does not expressly disclose 
wherein the central transaction server initiates a payment request process. Stolfo discloses a 
central transaction server (proxy computer) initiates a payment request process (see col. 30, lines 
31-39) At the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to modify the system disclose by Sunder to include a central transaction server that 
initiates a payment request process. One of ordinary skill in the art would have been motivated 
to do this because it provides an additional level of security. 
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Claims 10, 19, 32 and 33 are rejected on the same rationale as claim 1 above. 

Referring to claim 38, Sunder discloses an authentication server (see claim 1 above). 
Sunder does not expressly disclose the server hosts at least one web page. Stolfo discloses an 
authentication server that hosts at least one web page (see col. 22, lines 19-32 - the proxy system 
provides the vendor's webpage). At the time the invention was made, it would have been 
obvious to a person of ordinary skill in the art to modify the system disclose by Sunder to include 
the process where the authentication server hosts at least one web page. One of ordinary skill in 
the art would have been motivated to do this because it provides an additional level of security. 

8. Claims 2, 1 1 and 20 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Sunder, Stolfo as applied to claim 1 above, and further in view of U.S. Publication 
No.2002/0128973 to Kranzley et al. ("Kranzley"). 

Referring to claim 2, Sunder discloses an electronic commerce card authentication system 
(see claim 1 above). Sunder does not expressly disclose the authentication response is adapted to 
be analyzed by a merchant system. Kranzley discloses formatting SET messages that are 
compatible with a merchant system (see paragraph [0032] ) At the time the invention was made, 
it would have been obvious to a person of ordinary skill in the art to apply the concept taught by 
Kranzley to Sunder in order to translate the response to a format compatible with a merchant 
system. One of ordinary skill in the art would have been motivated to do this because provides a 
means for the merchant system to read and process the message. 

Claims 1 1 and 20 are rejected on the same rationale as claim 2 above. 
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9. Claim 3, 12 and 21 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Sunder and Stolfo as applied to claim 1 above, and further in view of U.S. Publication No. 
2003/0046541 to Gerdes et al. ("Gerdes"). 

Sunder discloses an electronic commerce card authentication system (see claim 1 above). 
Sunder does not expressly disclose wherein the central transaction server is adapted to forward a 
copy of the authentication response to an authentication history server to be archived. Gerdes 
discloses a central transaction server that forwards a copy of an authentication response to an 
authentication history server to be archived (see paragraph [0057]). At the time the invention 
was made, it would have been obvious to a person of ordinary skill in the art to modify the 
system disclose by Sunder to include a copy of the authentication response to an authentication 
history server. One of ordinary skill in the art would have been motivated to do this because it 
provides a history of authentication transaction (see paragraph [0057 of Gerdes). 

Claims 12 and 21 are rejected on the same rationale as claim 3 above. 

10. Claims 4-6, 13-15, 22-24, and 28 -3 1 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Sunder and Stolfo as applied to claims 1,10 above, and further in view of US 
Publication No. 2004/0254848 to Golan et al. ("Golan"). 

Referring to claims 4 and 5, Sunder discloses the electronic commerce card 
authentication system (see claim 1 above). Sunder does not expressly disclose wherein the 
central transaction server further receives a verifying enrollment request from a directory server, 
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and to send a verifying enrollment response to the directory server; wherein the central 
transaction server is sends the verifying enrollment response in response to a query to the access 
control server. Golan discloses wherein the central transaction server further receives a 
verifying enrollment request from a directory server, and to send a verifying enrollment response 
to the directory server; wherein the central transaction server is adapted to send the verifying 
enrollment response in response to a query to the access control server (see paragraphs [0094]- 
[0097] & claims 5,6). At the time the invention was made, it would have been obvious to a 
person of ordinary skill in the art to modify the system disclose by Sunder to include the system 
wherein the central transaction server receives a verifying enrollment request from a directory 
server, and to send a verifying enrollment response to the directory server; wherein the central 
transaction server sends the verifying enrollment response in response to a query to the access 
control server. One of ordinary skill in the art would have been motivated to do this because 
provides an additional level of verification, thereby securing the system. 

Referring to claim 6, Sunder discloses the electronic commerce card authentication 
system (see claim 1 above). Sunder does not expressly disclose the central transaction server is 
adapted to send the verifying enrollment response to the directory server with or without 
querying the access control server, and is further adapted to query the access control server in 
response to receiving an authentication request. Golan discloses the central transaction server is 
adapted to send the verifying enrollment response to the directory server with or without 
querying the access control server, and is further adapted to query the access control server in 
response to receiving an authentication request (see paragraphs [0099] & [0100]). At the time 
the invention was made, it would have been obvious to a person of ordinary skill in the art to 
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modify the system disclose by Sunder to include the system wherein the central transaction 
server is adapted to send the verifying enrollment response to the directory server with or 
without querying the access control server, and is further adapted to query the access control 
server in response to receiving an authentication request. One of ordinary skill in the art would 
have been motivated to do this because provides an additional level of verification, thereby 
securing the system. 

Claims 13, 22, 28, and 30 are rejected on the same rationale as claim 4 above. 

Claims 14 and 23 are rejected on the same rationale as claim 5 above. 

Claims 15 and 24 are rejected on the same rationale as claims 6 above. 

Referring to claims 29 and 31, Sunder discloses the electronic commerce card 
authentication system (see claims 28 and 30 respectively above). Sunder does not expressly 
disclose modifying the verifying enrollment request from a directory server, and forwarding the 
modified verifying enrollment response to the directory server. Golan discloses receiving a 
verifying enrollment request from a directory server, and to send a verifying enrollment response 
to the directory server and sending the verifying enrollment response in response to a query to 
the access control server (see paragraphs [0094]-[0097] & claims 5,6). Golan does not teach the 
request being modified; however, the concept of modifying data is well known in the art of data 
processing. Thus, at the time the invention was made, it would have been obvious to a person of 
ordinary skill in the art to modify the system disclose by Sunder to include the steps of disclose 
receiving a verifying enrollment request from a directory server, and to send a verifying 
enrollment response to the directory server and sending the verifying enrollment response in 
response to a query to the access control server. One of ordinary skill in the art would have been 
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motivated to do this because provides an additional level of verification, thereby securing the 
system. 

1 1 . Claims 7, 16, and 25 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Sunder and Stolfo as applied to claims 1,10 and 19 above, and further in view of US Publication 
No. 2001/0029496 to Otto et al. ("Otto") 

Referring to claim 7, Sunder discloses the electronic commerce card authentication 
system (see claim 1 above). Sunder does not expressly disclose the authentication request 
includes a pseudonym corresponding to an electronic commerce card account number and 
previously created by the central transaction server. Otto discloses the authentication request 
includes a pseudonym corresponding to an electronic commerce card account number and 
previously created by the central transaction server (see paragraph [0027] - [0029] -the user can 
submit the anonymous identifying information to the merchant; the merchant submits the request 
the banking network who then forwards the request to the financial institution that issued the 
anonymous card). At the time the invention was made, it would have been obvious to a person 
of ordinary skill in the art to modify the system disclose by Sunder to include a pseudonym 
corresponding the electronic commerce card account number in the authentication request, the 
pseudonym previously created by the central transaction server. One of ordinary skill in the art 
would have been motivated to do this because it secures user's identity by providing a means for 
users to anonymously purchase goods and services over a network (see Otto paragraph [0007]). 

Claims 16 and 25 are rejected on the same rationale as claim 7 above. 
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12. Claims 8, 17 and 26 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Sunder and Stolfo as applied to claims 1,10 and 19 above, and further in view of US Publication 
No. 2003/0168510 to Allen. 

Referring to claim 8, Sunder discloses the electronic commerce card authentication 
system (see claim 1 above). Sunder does not expressly disclose the authentication request 
includes a pseudonym previously created by a merchant system that corresponds to an electronic 
commerce card account number. Allen discloses a merchant generating a pseudonym (see 
abstract, paragraphs [0002] & [0028]). At the time the invention was made, it would have been 
obvious to a person of ordinary skill in the art to modify the system disclose by Sunder to include 
a pseudonym previously created by the merchant. One of ordinary skill in the art would have 
been motivated to do this because it protects messages and information being transmitted during 
a transaction. 

Claims 17 and 26 are rejected on the same rationale as claim 8 above. 

13. Claims 34- 37, 39 and 40 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
to Sunder et al. ("Sunder") and Golan in view of Allen. 

Referring to claim 34, Sunder discloses receiving an authentication request from a holder 
system (i.e. client device) (see paragraphs [0005] & [0007]), sending the authentication request 
with the pseudonym to the access control server (see paragraph [0008]), receiving an 
authentication response and sending the authentication response to the holder system (see 
paragraphs [[0010] & [001 1]). Sunder does not expressly disclose receiving a verifying 
enrollment request, sending the verifying enrollment response to an access control server, 
receiving a verifying enrollment response from the access control server, creating an altered 
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verifying enrolling response comprising a pseudonym, sending the altered verifying enrollment 
response to a merchant system, wherein the merchant system subsequently sends an 
authentication request including the pseudonym to a holder system. Golan discloses receiving a 
verifying enrollment request, sending the verifying enrollment response to an access control 
server, receiving a verifying enrollment response from the access control server (see paragraphs 
[0094] - [0097] & claims 5,6). As for creating an altered verifying enrollment response 
comprising a pseudonym and sending the altered verifying enrollment response to a merchant 
system, wherein the merchant system subsequently sends an authentication request including the 
pseudonym to a holder system, combining the pseudonym concepts taught by Sunder, the 
verification of enrollment concepts taught by Golan and the creation a pseudonym taught by 
Allen (see paragraphs [0002], [0028] & abstract) would result in these steps. At the time the 
invention was made, it would have been obvious to a person of ordinary skill in the art to modify 
the system disclose by Sunder to include the steps of receiving a verifying enrollment request, 
sending the verifying enrollment response to an access control server, receiving a verifying 
enrollment response from the access control server, creating an altered verifying enrolling 
response comprising a pseudonym, sending the altered verifying enrollment response to a 
merchant system, wherein the merchant system subsequently sends an authentication request 
including the pseudonym to a holder system. One of ordinary skill in the art would have been 
motivated to do this because it provides an additional level of security. 

As for claims 35-37, Sunder teaches these steps (see claim 34 above). 

Referring to claims 39 and 40, Sunder teaches a central transaction server (see claim 34 
above). Sunder does not expressly disclose the authentication request including the pseudonym 
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sent to a holder system further comprises a web page containing a redirect command, wherein 
the command is an HTTP redirect command, comprising the address of the central transaction 
server. Stolfo discloses the missing elements (see col. 22, lines 19-32 - the proxy system 
provides the vendor's webpage, which is inherently using a redirect command; also, fig. 9 & the 
associated text, teaches the redirect feature). At the time the invention was made, it would have 
been obvious to a person of ordinary skill in the art to modify the system disclose by Sunder to 
include the process where the authentication server hosts at least one web page. One of ordinary 
skill in the art would have been motivated to do this because it provides an additional level of 
security. 

Conclusion 

14. Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1 .136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jalatee Worjloh whose telephone number is 571-272-6714. The 
examiner can normally be reached on Monday - Friday 10:00 -6:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Andrew Fischer can be reached on 571-272-6779. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/Jalatee Worjloh/ 

Primary Examiner, Art Unit 3621 



